xfrm: Add dir validation to "in" data path lookup
author Antony Antony <antony.antony@secunet.com>
Tue, 30 Apr 2024 07:09:29 +0000 (09:09 +0200)
committer Steffen Klassert <steffen.klassert@secunet.com>
Wed, 1 May 2024 08:06:27 +0000 (10:06 +0200)
commit 304b44f0d5a4c2f91f82f7c31538d00485fb484c
tree cf8a804020173cc515fe9d0f78ef419ee703f2fc
parent 601a0867f86cbb5e137ce485a7eb60cbf9fc5180
xfrm: Add dir validation to "in" data path lookup

Introduces validation for the x->dir attribute within the XFRM input
data lookup path. If the configured direction does not match the
expected direction, input, increment the XfrmInStateDirError counter
and drop the packet to ensure data integrity and correct flow handling.

grep -vw 0 /proc/net/xfrm_stat
XfrmInStateDirError      1

Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Documentation/networking/xfrm_proc.rst
include/uapi/linux/snmp.h
net/ipv6/xfrm6_input.c
net/xfrm/xfrm_input.c
net/xfrm/xfrm_proc.c
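
An added monitoring example, not part of this commit or of the kernel tree: it parses /proc/net/xfrm_stat and reports how much the XfrmInStateDirError counter named in the commit message grew between two reads, keeping a kernel that lacks the counter distinct from one reporting zero drops. The function names and the sample snapshots are assumptions constructed for illustration.

```python
"""Watch the XfrmInStateDirError counter between two reads of /proc/net/xfrm_stat."""
from pathlib import Path

COUNTER = "XfrmInStateDirError"      # counter name taken from the commit message
STAT_PATH = Path("/proc/net/xfrm_stat")


def parse_xfrm_stat(text):
    """Parse 'Name<whitespace>value' lines into a dict; skip malformed lines."""
    counters = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            counters[parts[0]] = int(parts[1])
    return counters


def dir_error_delta(before, after, counter=COUNTER):
    """Return packets dropped for a wrong SA direction between two snapshots.

    Returns None when the kernel does not expose the counter (it predates
    this commit), so "not supported" is never read as "0 drops".
    """
    if counter not in after:
        return None
    # A counter missing from 'before' (e.g. first run) counts from zero.
    return after[counter] - before.get(counter, 0)


# Constructed sample snapshots, not captured from a real host.
SAMPLE_BEFORE = """XfrmInError                 0
XfrmInNoStates              3
XfrmInStateDirError         0
"""
SAMPLE_AFTER = """XfrmInError                 0
XfrmInNoStates              3
XfrmInStateDirError         1
"""
SAMPLE_OLD_KERNEL = """XfrmInError                 0
XfrmInNoStates              3
"""

if __name__ == "__main__":
    before = parse_xfrm_stat(SAMPLE_BEFORE)
    for label, text in (("patched", SAMPLE_AFTER), ("older kernel", SAMPLE_OLD_KERNEL)):
        print(label, dir_error_delta(before, parse_xfrm_stat(text)))
    if STAT_PATH.exists():  # live read; needs CONFIG_XFRM_STATISTICS
        print("live", parse_xfrm_stat(STAT_PATH.read_text()).get(COUNTER))
```

A nonzero delta means inbound packets matched an SA whose configured direction is not input, which usually points at a misconfigured SA rather than at packet loss on the wire.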